Artwork for podcast 10 Questions to Cyber Resilience
The Evolution of Cyber Security, with Mark Salinas
Episode 57th October 2022 • 10 Questions to Cyber Resilience • Assurance IT
00:00:00 00:41:39

Share Episode

Shownotes

Assurance IT invited Security Engineer Manager, Mark Salinas, to chat about the evolution of cyber security.

 

In this episode, Mark Salinas and co-founder of Assurance IT, Luigi Tiano, discuss: 

  1. Evolution of networking
  2. Cyber security in 2000 vs 2022
  3. End-users in 2000 vs 2022
  4. The reality of buying cyber security tools
  5. Cyber security vs cyber resilience
  6. Cyber attacks on critical infrastructure
  7. Getting hacked through a clock
  8. What the Googles of the world are doing to mitigate the skillset shortage in IT

 

Resources: 

Watch the episode: https://youtu.be/TUA01zTVbw0

Mark Salinas' LinkedIn: https://www.linkedin.com/in/mark-salinas-75b9363/

Luigi Tiano’s LinkedIn: https://www.linkedin.com/in/luigitiano/

Assurance IT Website: http://www.assuranceit.ca/

 

 

About Mark Salinas: 

Over 20 years industry experience as a security & network architect and engineer, including: design & installation of: networking, Cloud, Network Security, Firewalls, IDS/IPS, Application Security /Firewall, Application Acceleration, WAN Optimization. WAF and DAM. Cloud Services. PCI & NERC Compliance and GRC. CISSP. Pre-Sales as well as Post Sales Support. Network & Security Architecture designs. Security Audits & reviews. US citizen. Mentor.


About 10 Questions to Cyber Resilience: 

Twice per month, learn about how IT leaders are strengthening their cyber security practices. Every episode comprises of 10 questions that get you one step closer to cyber resilience. Subscribe to stay up-to-date with hot topics in cyber security. 

 


About Assurance IT: 

Assurance IT (www.assuranceit.ca) specializes in data protection and data privacy for the mid-market in Canada, since 2011. The Montreal-based company’s unique approach to helping customers become cyber resilient is called the PPR Methodology which stands for Prepare, Protect and Recover. Based on industry best practices, the PPR Methodology is an easier way to achieve cyber security and compliance objectives.

Transcripts

Voiceover:

This is 10

Voiceover:

questions to cyber resilience

Voiceover:

brought to you by assurance

Voiceover:

it released twice per month.

Voiceover:

Every episode brings you one

Voiceover:

step closer to cyber resilience

Voiceover:

by hearing how it leaders are

Voiceover:

practicing cyber security.

Voiceover:

Resources mentioned in the episode

Voiceover:

can be found in the show notes.

Voiceover:

If you are ready to take your

Voiceover:

cyber resilience to the next

Voiceover:

level, be sure to subscribe so

Voiceover:

you can catch every episode.

Luigi Tiano:

Tell us a

Luigi Tiano:

little bit about yourself,

Luigi Tiano:

who you are and what you do.

Mark Salinas:

Sure.

Mark Salinas:

My name's Mark.

Mark Salinas:

I'm a cyber security, depending

Mark Salinas:

on the day of the week, you

Mark Salinas:

know, the time of the day

Mark Salinas:

architect, engineer, manager,

Mark Salinas:

any, all of those things.

Mark Salinas:

I started in networking.

Mark Salinas:

I was young, hungry and maybe

Mark Salinas:

not bright in that, you know,

Mark Salinas:

people would ask me to do stuff

Mark Salinas:

and I'd say, yes, my natural

Mark Salinas:

inclination at the time was

Mark Salinas:

to say yes to everything.

Mark Salinas:

So people would say,

Mark Salinas:

Hey, I wanna network.

Mark Salinas:

And I'd say yes.

Mark Salinas:

And then I'd say, all right,

Mark Salinas:

like how are we gonna do that?

Mark Salinas:

So I started networking and

Mark Salinas:

then because of the progression

Mark Salinas:

of networking and layer three

Mark Salinas:

firewalls, typically the

Mark Salinas:

network of people were selected

Mark Salinas:

to be the firewall experts.

Mark Salinas:

Because again, the

Mark Salinas:

layer three knowledge.

Mark Salinas:

I just remember my boss, her

Mark Salinas:

name was Kim said, I'm gonna

Mark Salinas:

send you to firewall school.

Mark Salinas:

And I said, sure, again, I

Mark Salinas:

wanna say yes to everything.

Mark Salinas:

And so I have to find

Mark Salinas:

her and thank her.

Mark Salinas:

So I've been in firewalls

Mark Salinas:

since 2000 and it's just

Mark Salinas:

been a natural progression of

Mark Salinas:

firewalls to wa to

Mark Salinas:

host, to network.

Mark Salinas:

And it's all, it's just

Mark Salinas:

a natural progression.

Mark Salinas:

This latest job I decided I

Mark Salinas:

was tired of telling people

Mark Salinas:

they were doing it wrong and

Mark Salinas:

jump into the fire myself.

Mark Salinas:

Show 'em how it's done.

Mark Salinas:

Good news is I'm doing it.

Mark Salinas:

The bad news is it's

Mark Salinas:

harder than it looks on TV.

Mark Salinas:

So it's a challenge.

Mark Salinas:

It's exciting.

Mark Salinas:

Sometimes it's exciting,

Mark Salinas:

like a roller coaster.

Mark Salinas:

Sometimes it's exciting

Mark Salinas:

like the house is on fire.

Mark Salinas:

So not a good kind of exciting,

Mark Salinas:

but every day is interesting.

Luigi Tiano:

yeah, I know.

Luigi Tiano:

I can appreciate that.

Luigi Tiano:

It's great.

Luigi Tiano:

And you mentioned like, the

Luigi Tiano:

networking professional, right?

Luigi Tiano:

So I guess inherently 15, 20

Luigi Tiano:

years ago, if you were in the

Luigi Tiano:

networking world, especially when

Luigi Tiano:

talking in touching firewalls

Luigi Tiano:

in the perimeter, you by default

Luigi Tiano:

became the security expert, right.

Luigi Tiano:

There was really no notion

Luigi Tiano:

of actually having a

Luigi Tiano:

security team at that time.

Luigi Tiano:

Right.

Luigi Tiano:

It was just securing the perimeter.

Mark Salinas:

In fact, it

Mark Salinas:

was usually, Hey, you network

Mark Salinas:

guys here you're running the

Mark Salinas:

firewalls and the network people.

Mark Salinas:

Yeah.

Mark Salinas:

Port IPs ports.

Mark Salinas:

Sure.

Mark Salinas:

That was a natural progression.

Mark Salinas:

So I still think it's a

Mark Salinas:

good natural progression.

Mark Salinas:

There's still more obviously,

Mark Salinas:

as you know, but it is

Mark Salinas:

a natural progression.

Mark Salinas:

I prefer to see kind

Mark Salinas:

of an evolution.

Mark Salinas:

Everybody wants to snap

Mark Salinas:

their fingers and be a

Mark Salinas:

cybersecurity expert or hire

Mark Salinas:

one, but it's a progression.

Mark Salinas:

You're not gonna know

Mark Salinas:

everything day one.

Mark Salinas:

So great way to start is

Mark Salinas:

PCs, networking, layer

Mark Salinas:

three, work your way up.

Luigi Tiano:

Yep.

Luigi Tiano:

I agree.

Luigi Tiano:

Can't agree more and in terms

Luigi Tiano:

of size of companies that

Luigi Tiano:

you worked for I mean, I've

Luigi Tiano:

looked at your profile and

Luigi Tiano:

I've seen what you've done.

Luigi Tiano:

You've worked for some rather

Luigi Tiano:

larger organizations, right?

Luigi Tiano:

Tell us a little bit about the

Luigi Tiano:

sizes that you've gone through

Luigi Tiano:

over the years, and where do

Luigi Tiano:

you feel the most comfortable?

Luigi Tiano:

Where you can provide

Luigi Tiano:

the most value?

Mark Salinas:

That's

Mark Salinas:

actually a great question.

Mark Salinas:

I've done well in the telcos.

Mark Salinas:

The telcos typically are very

Mark Salinas:

strong in their networking,

Mark Salinas:

not necessarily IP networking

Mark Salinas:

or not necessarily security.

Mark Salinas:

So I always was very

Mark Salinas:

successful at the telcos.

Mark Salinas:

Typically the customers

Mark Salinas:

that need help as let's say

Mark Salinas:

the fortune 1000 of 2000.

Mark Salinas:

So I've done well in mid to

Mark Salinas:

large fortune 100 fortune 10.

Mark Salinas:

You know, those guys are

Mark Salinas:

Jamie diamond is rumored

Mark Salinas:

to have like a thousand or

Mark Salinas:

10,000 people in security.

Mark Salinas:

So they're not gonna need

Mark Salinas:

a lot of help, but the

Mark Salinas:

midsize couple fortune 1000

Mark Salinas:

they're gonna need some help.

Luigi Tiano:

Yeah.

Mark Salinas:

And so that's

Mark Salinas:

where I've done well.

Mark Salinas:

They're doing things, you

Mark Salinas:

know, and they still need help.

Mark Salinas:

And so I've been successful there.

Luigi Tiano:

Interesting.

Luigi Tiano:

Thank you for sharing that.

Luigi Tiano:

So without dating both of ourselves

Luigi Tiano:

here I'd like to talk a little bit

Luigi Tiano:

about how protecting the enterprise

Luigi Tiano:

has evolved over the years.

Luigi Tiano:

I think you touched a little bit

Luigi Tiano:

upon it earlier when you mentioned,

Luigi Tiano:

being close to the networking

Luigi Tiano:

aspect, but how do you see that

Luigi Tiano:

change happen over the years?

Luigi Tiano:

There's definitely been

Luigi Tiano:

a change and how has it

Luigi Tiano:

evolved in your opinion?

Mark Salinas:

Yeah, absolutely.

Mark Salinas:

It started, it's funny from a let's

Mark Salinas:

skip protecting for two seconds.

Mark Salinas:

Networking's gone the full circle.

Mark Salinas:

We had main one mainframe at

Mark Salinas:

headquarters and we went full

Mark Salinas:

distributed computing, and now

Mark Salinas:

we're going back to a big host.

Mark Salinas:

Not a mainframe God forbid, but a

Mark Salinas:

big host running in a data center.

Mark Salinas:

So we're back to where we started.

Mark Salinas:

The part that's

Mark Salinas:

hard is, it was easy

Mark Salinas:

protecting one mainframe or

Mark Salinas:

your web presence, because you

Mark Salinas:

knew what your tax surface was.

Mark Salinas:

The key buzzword to everybody

Mark Salinas:

should be a tax surface.

Mark Salinas:

You have to know your tax surface.

Mark Salinas:

So back when web, and when

Mark Salinas:

eCommerce took off, you had

Mark Salinas:

one or two, imagine an Amazon.

Mark Salinas:

You have one server, amazon.com

Mark Salinas:

protect the daylights out of it.

Mark Salinas:

And yeah, everybody was hacking

Mark Salinas:

amazon.com to get free stuff or

Mark Salinas:

steal money or things like that.

Mark Salinas:

So it went from, let me

Mark Salinas:

protect one site or one

Mark Salinas:

data center or one thing.

Mark Salinas:

To now with malware, the

Mark Salinas:

goal is to take over a PC.

Mark Salinas:

And so now I gotta go from

Mark Salinas:

protecting 1, 2, 10 servers

Mark Salinas:

to 2000, 10,000 endpoints.

Mark Salinas:

And 99%

Mark Salinas:

isn't good enough.

Mark Salinas:

If you have 1% of your PCs

Mark Salinas:

vulnerable in that 1% gets

Mark Salinas:

malware, you're stuck.

Mark Salinas:

You're in a bad place.

Mark Salinas:

And so it's gotten harder

Mark Salinas:

in that I have to know

Mark Salinas:

where every single PC is.

Mark Salinas:

It's gotten harder because, I was

Mark Salinas:

originally for compliance for, for

Mark Salinas:

servers, it's a hundred percent.

Mark Salinas:

I have to be 100% patched.

Mark Salinas:

For PCs I was like, you know

Mark Salinas:

what, with the executives and

Mark Salinas:

traveling, let's shoot for 95%.

Mark Salinas:

95% isn't good enough.

Mark Salinas:

It's not good enough.

Luigi Tiano:

Yeah.

Mark Salinas:

And at college,

Mark Salinas:

they get you a good a but in

Mark Salinas:

the real world, that just means

Mark Salinas:

95% of a thousand is what?

Mark Salinas:

50.

Mark Salinas:

So 50 PCs are vulnerable.

Mark Salinas:

So pray that those 50 PCs don't

Mark Salinas:

get attacked and that's so

Luigi Tiano:

the

Luigi Tiano:

cliche says, right.

Luigi Tiano:

You're as strong as

Luigi Tiano:

your weakest link.

Luigi Tiano:

If you've got one weak link

Luigi Tiano:

in the chain there, which

Luigi Tiano:

could be any PC that's

Luigi Tiano:

vulnerable, then you're done.

Luigi Tiano:

Right.

Luigi Tiano:

So yeah, there's no room for error.

Luigi Tiano:

There's no margin error.

Luigi Tiano:

That's sure when it comes to

Luigi Tiano:

protecting enterprise and the

Luigi Tiano:

end point you mentioned it.

Luigi Tiano:

I think the endpoint is extremely,

Luigi Tiano:

it was overlooked, right?

Luigi Tiano:

You said it's kind of evolved.

Luigi Tiano:

Right.

Luigi Tiano:

And an endpoint also now

Luigi Tiano:

means having a mobile

Luigi Tiano:

device in your possession.

Luigi Tiano:

So that also has to

Luigi Tiano:

be protected as well.

Mark Salinas:

Yeah.

Mark Salinas:

And I'm glad you brought that up.

Mark Salinas:

This whole MDM mobile device

Mark Salinas:

management and bring your own

Mark Salinas:

device like, oh, at least,

Mark Salinas:

you know, when you have a

Mark Salinas:

corporate image, it's our device.

Mark Salinas:

This is the image I am security.

Mark Salinas:

I am responsible for the

Mark Salinas:

PC on your desk, Luigi

Luigi Tiano:

Right.

Mark Salinas:

Now.

Mark Salinas:

It's oh yeah.

Mark Salinas:

Luigi, you bring your own device.

Mark Salinas:

Like, what are you kidding me?

Mark Salinas:

what's on your device?

Mark Salinas:

Do I even know?

Luigi Tiano:

Exactly, exactly.

Luigi Tiano:

And where does that

Luigi Tiano:

device come from?

Luigi Tiano:

Who's had it?

Luigi Tiano:

You know, sometimes people buy

Luigi Tiano:

devices, like they'll buy them

Luigi Tiano:

online and they'll reuse them.

Luigi Tiano:

And so on.

Luigi Tiano:

It's such a tough situation to be

Luigi Tiano:

in when you're managing a bunch of

Luigi Tiano:

devices from whomever, and yeah,

Luigi Tiano:

the job has been has obviously

Luigi Tiano:

become more difficult for everyone.

Luigi Tiano:

So

Mark Salinas:

yeah.

Luigi Tiano:

That kind of leads me

Luigi Tiano:

to my question about cybersecurity.

Luigi Tiano:

We use this word, listen,

Luigi Tiano:

it's, it's not a buzzword,

Luigi Tiano:

it's an actual thing, but yeah.

Luigi Tiano:

So what does

Luigi Tiano:

cybersecurity mean to you?

Luigi Tiano:

What did it mean in 2000, right.

Luigi Tiano:

Let's go back.

Luigi Tiano:

What does it mean in 2000 versus

Luigi Tiano:

what cybersecurity is in 2022?

Luigi Tiano:

What's your opinion then?

Mark Salinas:

Sure.

Mark Salinas:

Yeah, no, it's gotten better

Mark Salinas:

and it's gotten worse.

Mark Salinas:

So 2000 I had my web servers,

Mark Salinas:

I had to protect, we had

Mark Salinas:

firewalls, so I have one firewall

Mark Salinas:

per data center, a handful of

Mark Salinas:

rules, a handful of servers.

Mark Salinas:

If people went home, they

Mark Salinas:

dialed in, literally dialed in.

Luigi Tiano:

Yep.

Mark Salinas:

And then you went

Mark Salinas:

through the corporate network.

Mark Salinas:

So your traffic came back

Mark Salinas:

to corporate got secure,

Mark Salinas:

went back out again.

Mark Salinas:

These days with cloud, everyone

Mark Salinas:

wants to do everything everywhere.

Mark Salinas:

So I've got my laptop and I wanna

Mark Salinas:

do everything in a Starbucks.

Mark Salinas:

Okay.

Mark Salinas:

We have things for that.

Mark Salinas:

There's cloud security, cloud

Mark Salinas:

proxies and that's all well and

Mark Salinas:

good, but it still comes down to,

Mark Salinas:

the IT guys, the IT department,

Mark Salinas:

the IT security department has

Mark Salinas:

to say, okay, every PC has the

Mark Salinas:

appropriate software so that

Mark Salinas:

when you go out to, to your

Mark Salinas:

Starbucks in, You know, east of

Mark Salinas:

PIP, Idaho that you're protected

Mark Salinas:

and there's tools for that.

Mark Salinas:

But again, it's back to that a

Mark Salinas:

hundred percent and I have to

Mark Salinas:

make sure every tool is up to

Mark Salinas:

date in terms of all the clients.

Mark Salinas:

Every PC I'm sorry

Luigi Tiano:

Right.

Luigi Tiano:

And you made me think

Luigi Tiano:

about something right now.

Luigi Tiano:

So cybersecurity again

Luigi Tiano:

in 2000 versus 2022.

Luigi Tiano:

I mean the end user,

Luigi Tiano:

what does that look like?

Luigi Tiano:

I remember my first

Luigi Tiano:

job before 2000.

Luigi Tiano:

I was kind of just an enterprise

Luigi Tiano:

there and security was not

Luigi Tiano:

even a thing that we thought

Luigi Tiano:

about, to be honest with you.

Luigi Tiano:

Now let's just be honest, right?

Luigi Tiano:

So now security is like day one,

Luigi Tiano:

any job orientation, that's kind

Luigi Tiano:

of like they're pounding in.

Luigi Tiano:

So against the culture

Luigi Tiano:

shift, I think.

Luigi Tiano:

Right?

Luigi Tiano:

So what did you see in

Luigi Tiano:

terms of your end users in

Luigi Tiano:

2020 or 2000 versus now?

Luigi Tiano:

Have you seen that shift happen?

Luigi Tiano:

Is it real thing where

Luigi Tiano:

people are more cognizant?

Mark Salinas:

That's

Mark Salinas:

two different questions.

Luigi Tiano:

You're right.

Mark Salinas:

People

Mark Salinas:

are getting training.

Mark Salinas:

Years ago,

Mark Salinas:

it was, don't leave your

Mark Salinas:

laptop in your backseat.

Mark Salinas:

Security man.

Mark Salinas:

Don't leave your laptop

Mark Salinas:

in your backseat.

Mark Salinas:

Be careful going through

Mark Salinas:

airport security.

Mark Salinas:

There's rules around security

Mark Salinas:

were very, just common sense.

Mark Salinas:

Don't do something really dumb.

Luigi Tiano:

Yes.

Mark Salinas:

Now it's, you

Mark Salinas:

know, watch out for this.

Mark Salinas:

Watch out for that.

Mark Salinas:

I wanna go down, I guess

Mark Salinas:

now is as good time as any.

Mark Salinas:

You and I corporates training

Mark Salinas:

users, there is now most

Mark Salinas:

companies onboarding, you get

Mark Salinas:

a full hour of IT security

Mark Salinas:

training, one to three hours.

Mark Salinas:

And that's fantastic.

Mark Salinas:

But when I have conversations

Mark Salinas:

with people, so two

Mark Salinas:

things are happening.

Mark Salinas:

One users are getting trained.

Mark Salinas:

Yes.

Luigi Tiano:

Yep.

Mark Salinas:

Two users are aware.

Mark Salinas:

If you call someone up and say,

Mark Salinas:

Hey I think we have a problem.

Mark Salinas:

They go, oh yeah, I get it.

Mark Salinas:

They'll spout you.

Mark Salinas:

This is what don't do these things.

Mark Salinas:

Mm-hmm I go, great.

Mark Salinas:

You get it.

Mark Salinas:

And then when I look at

Mark Salinas:

my inbox and everyone is

Mark Salinas:

forwarding me, their spam

Mark Salinas:

saying, is this phishing?

Mark Salinas:

And I'm like, It's free Viagra.

Mark Salinas:

Like really?

Mark Salinas:

like, you know, people

Mark Salinas:

are forwarding me.

Mark Salinas:

I'm 91% of the, I think this is

Mark Salinas:

phishing report phishing button

Mark Salinas:

is not phishing so the 91%.

Mark Salinas:

And it's really,

Mark Salinas:

you just look at it.

Mark Salinas:

It's free Walmart gift cards.

Mark Salinas:

I mean, come on guys.

Mark Salinas:

So.

Mark Salinas:

There's a disconnect between

Mark Salinas:

what people are saying and what

Mark Salinas:

they're clicking and either,

Mark Salinas:

well, first it brings me, I

Mark Salinas:

guess, to my next point, I

Mark Salinas:

don't mean to go off your path.

Mark Salinas:

Sorry.

Luigi Tiano:

No, no.

Mark Salinas:

All

Mark Salinas:

people are scared.

Mark Salinas:

First and foremost,

Mark Salinas:

people are scared.

Mark Salinas:

Executives that I don't think

Mark Salinas:

should be scared and normal

Mark Salinas:

users, end users, somebody, an

Mark Salinas:

accountant and account managers.

Mark Salinas:

And we don't expect

Mark Salinas:

them to be savy.

Mark Salinas:

They're scared.

Mark Salinas:

We put the fear God in

Mark Salinas:

them and that's okay.

Mark Salinas:

I'm kind of glad to be honest, but

Mark Salinas:

they're not doing the right thing.

Mark Salinas:

So scaring someone into doing

Mark Salinas:

the right thing is not working.

Mark Salinas:

Second.

Luigi Tiano:

That's interesting.

Luigi Tiano:

That's interesting point.

Luigi Tiano:

Yeah.

Mark Salinas:

We've scared

Mark Salinas:

them and now they forward

Mark Salinas:

me all their emails.

Mark Salinas:

To say, Hey, Mark is this phishing?

Mark Salinas:

Is this phishing is,

Mark Salinas:

oh, for the love of God.

Mark Salinas:

Like, this is not

Mark Salinas:

all, this is spam.

Mark Salinas:

This is, you know?

Luigi Tiano:

There's

Luigi Tiano:

differentiation there.

Luigi Tiano:

Yeah.

Mark Salinas:

There's a big,

Mark Salinas:

that spam is at this point.

Mark Salinas:

Anyone older than the age of five

Mark Salinas:

should know spam, come on, right?

Luigi Tiano:

Yep.

Mark Salinas:

Because

Mark Salinas:

we get so much of it.

Mark Salinas:

But it's the part that's throwing

Mark Salinas:

me is executives the boards.

Mark Salinas:

I wrote this in my

Mark Salinas:

column and you jumped in.

Mark Salinas:

I appreciate it.

Mark Salinas:

If you go in front of the board

Mark Salinas:

and say, I need money for cyber

Mark Salinas:

security, the boards gonna say

Mark Salinas:

yes, and I am like, awesome.

Mark Salinas:

That's a great thing for business.

Mark Salinas:

So the board says, go spend some

Mark Salinas:

money, but then the executives are

Mark Salinas:

like, so I bought a whole bunch

Mark Salinas:

of tools and I'm like, okay, what

Mark Salinas:

are you doing with those tools?

Mark Salinas:

And they're like watching

Mark Salinas:

security and I'm like, I need a

Mark Salinas:

little better answer than that.

Luigi Tiano:

Right.

Mark Salinas:

And so.

Mark Salinas:

As I write, these tools need

Mark Salinas:

to be managed when I was

Mark Salinas:

doing this role, I was like,

Mark Salinas:

let's go buy some tools.

Mark Salinas:

And then, you know, added

Mark Salinas:

four hours to my day.

Mark Salinas:

Maybe I'm not getting

Mark Salinas:

the best viewpoint here.

Mark Salinas:

So we need to be selective

Mark Salinas:

about the tools and if

Mark Salinas:

we buy tools, we need to

Mark Salinas:

really use the tool.

Mark Salinas:

I'm hung up on a database

Mark Salinas:

activity monitoring.

Mark Salinas:

People are buying it and when

Mark Salinas:

I look at how they're using it,

Mark Salinas:

database activity monitoring

Mark Salinas:

is an incredible tool, but you

Mark Salinas:

need the database person sitting

Mark Salinas:

next to you because I don't know

Mark Salinas:

what the database looks like.

Mark Salinas:

And so here's this expensive

Mark Salinas:

tools creating these reports

Mark Salinas:

that no one knows how to read.

Mark Salinas:

And I'm like this is not good.

Mark Salinas:

So it's business needs to take

Mark Salinas:

a breath and every time you do

Mark Salinas:

something, say, I bought something.

Mark Salinas:

Okay.

Mark Salinas:

What are you gonna do with it?

Mark Salinas:

What's the purpose.

Luigi Tiano:

Yeah.

Luigi Tiano:

Before buying it before buying it.

Luigi Tiano:

Right?

Luigi Tiano:

Like understand it's objective.

Luigi Tiano:

Understand what value you're

Luigi Tiano:

looking to derive from it.

Luigi Tiano:

Right.

Luigi Tiano:

That's a very good, valid point.

Luigi Tiano:

I like that because.

Luigi Tiano:

Again, and this is just my opinion.

Luigi Tiano:

And I'm talking to a lot of

Luigi Tiano:

professional like yourself about

Luigi Tiano:

it, and I'm trying to distinguish

Luigi Tiano:

between what cybersecurity is

Luigi Tiano:

and what cyber resilience is.

Luigi Tiano:

And I know, again, it's another

Luigi Tiano:

buzzword, but when I'm speaking

Luigi Tiano:

to customers, I'm basically trying

Luigi Tiano:

to say, let's do cybersecurity.

Luigi Tiano:

But,

Luigi Tiano:

we need you to be cyber resilient

Luigi Tiano:

and when I say that, I try to

Luigi Tiano:

explain what that means, because

Luigi Tiano:

for me, and I want your opinion

Luigi Tiano:

on this and this is important.

Luigi Tiano:

Cybersecurity could be,

Luigi Tiano:

like you said, tools and

Luigi Tiano:

processes to just secure stuff.

Luigi Tiano:

When I talk cyber resilience,

Luigi Tiano:

it's more of a culture change.

Luigi Tiano:

It's more of you know,

Luigi Tiano:

understanding that the enterprise

Luigi Tiano:

and everyone involved and engaged

Luigi Tiano:

in the enterprise has to have

Luigi Tiano:

some kind of responsibility.

Luigi Tiano:

So are you talking cyber to

Luigi Tiano:

your customers and peers?

Luigi Tiano:

What does it mean to you?

Mark Salinas:

Yeah.

Mark Salinas:

I'm glad you brought that.

Mark Salinas:

Cuz to be honest, the first time

Mark Salinas:

you said it, you really annoyed

Mark Salinas:

me because it kinda opened

Mark Salinas:

up a whole another subject.

Luigi Tiano:

Oh oh, okay.

Luigi Tiano:

Now the truth's coming

Mark Salinas:

You spot

Mark Salinas:

on no, no hats off.

Mark Salinas:

You're spot on.

Mark Salinas:

Back in the day, hacking meant

Mark Salinas:

like they stole your information.

Mark Salinas:

You just had to recover from that.

Mark Salinas:

Right now, a hack might be

Mark Salinas:

either brick your server

Mark Salinas:

or encrypt your data.

Mark Salinas:

So how do you recover from that?

Mark Salinas:

Well, you know, disaster recovery.

Mark Salinas:

And so today you need to have

Mark Salinas:

your backup system, which the

Mark Salinas:

good news is those of us in IT.

Mark Salinas:

They've been doing this since the

Mark Salinas:

forties or fifties or sixties.

Mark Salinas:

IT understands backup

Mark Salinas:

and restoration.

Luigi Tiano:

Got it.

Mark Salinas:

That's the good news.

Luigi Tiano:

Yeah.

Mark Salinas:

But we've sort of

Mark Salinas:

have raised the bar on them in

Mark Salinas:

that we need to be more careful.

Mark Salinas:

So we are now encrypting

Mark Salinas:

the backups and we're

Mark Salinas:

putting something on site.

Mark Salinas:

The good news is again, good news

Mark Salinas:

is that there's better tools.

Mark Salinas:

A lot of the DR type products are

Mark Salinas:

actually like a sand or something

Mark Salinas:

that you can recover much, much,

Mark Salinas:

much quicker back in the day, it

Mark Salinas:

was rebuild the server and then

Mark Salinas:

go off site and get the tapes

Luigi Tiano:

Right.

Mark Salinas:

And restore the

Mark Salinas:

tapes, which is the slowest

Mark Salinas:

thing since watching paint dry.

Mark Salinas:

Now it's, I need to

Mark Salinas:

recover in an hour.

Mark Salinas:

So we spin up a new VM, which,

Mark Salinas:

you know, takes a minute.

Mark Salinas:

And then this data storage

Mark Salinas:

device that no one knew what

Mark Salinas:

it was for now restores a

Mark Salinas:

Terabyte, half a petabyte,

Mark Salinas:

whatever X, wherever we are.

Luigi Tiano:

Yep.

Mark Salinas:

So this backup

Mark Salinas:

thing restores hundreds of

Mark Salinas:

gigabytes in 15 minutes.

Mark Salinas:

So it's changed, but I think

Mark Salinas:

at least those of us who

Mark Salinas:

are preoccupied with it.

Mark Salinas:

I think we're in a good

Mark Salinas:

place, because again, we

Mark Salinas:

have this cool expensive high

Mark Salinas:

performance backup system.

Mark Salinas:

That's ready to go in minutes.

Luigi Tiano:

So that's

Luigi Tiano:

a great example.

Luigi Tiano:

I see.

Luigi Tiano:

Like when you say cyber resilience,

Luigi Tiano:

you wanna be able to recover.

Luigi Tiano:

I think recovering in any

Luigi Tiano:

situation is the bigger battle.

Luigi Tiano:

I mean getting attacked or

Luigi Tiano:

hacked and losing data is fine.

Luigi Tiano:

It was fine.

Luigi Tiano:

It's never fine, but

Luigi Tiano:

you know what I mean?

Luigi Tiano:

Like it happens, but now

Luigi Tiano:

if the organization is not

Luigi Tiano:

ready, doesn't have a plan.

Luigi Tiano:

That's where I see the shortcoming.

Luigi Tiano:

When you talk about resilience, can

Luigi Tiano:

we actually get back on our feet?

Luigi Tiano:

Right.

Luigi Tiano:

That's what I mean when I talk

Luigi Tiano:

about cyber resilience for me,

Luigi Tiano:

it's how quickly can you recover?

Luigi Tiano:

Can you really make those

Luigi Tiano:

objectives as an organization?

Luigi Tiano:

How long can you live being down?

Luigi Tiano:

What are the processes and steps

Luigi Tiano:

and solutions you have in place

Luigi Tiano:

to get you back up and running,

Luigi Tiano:

which you've just described.

Luigi Tiano:

So for me, that's the

Luigi Tiano:

differentiation between

Luigi Tiano:

cyber security and the

Luigi Tiano:

cyber resilient aspect.

Luigi Tiano:

That's the culture that I refer to

Luigi Tiano:

and maybe there's a better word.

Luigi Tiano:

Maybe there isn't.

Luigi Tiano:

But for me, that's kind of

Luigi Tiano:

the one that I've been using.

Luigi Tiano:

And if you think of a better

Luigi Tiano:

one, Mark, let me know, man.

Mark Salinas:

No, I didn't like

Mark Salinas:

it, but again, you're making

Mark Salinas:

me think of things I don't

Mark Salinas:

wanna think about LA LA LA.

Mark Salinas:

Everything's fine.

Luigi Tiano:

Yeah

Mark Salinas:

No,

Mark Salinas:

I appreciate that.

Mark Salinas:

No, it's good because again,

Mark Salinas:

today what's the most likely

Mark Salinas:

after they steal your data?

Mark Salinas:

Encrypt it.

Luigi Tiano:

Yeah.

Mark Salinas:

So right now that's

Mark Salinas:

the standard or common attack.

Mark Salinas:

So if I'm encrypted, I'm gonna

Mark Salinas:

try and decrypted, I'm gonna

Mark Salinas:

wipe it and start from scratch.

Luigi Tiano:

Yeah.

Mark Salinas:

And it's funny

Mark Salinas:

how we talk about days.

Mark Salinas:

How many days to

Mark Salinas:

recover or hours now?

Mark Salinas:

It's minutes.

Luigi Tiano:

Yeah.

Luigi Tiano:

Yeah.

Mark Salinas:

And

Mark Salinas:

the tools are there.

Mark Salinas:

Again, if you're in a normal shop,

Mark Salinas:

you're gonna have a hypervisor.

Mark Salinas:

And you're gonna spin up a

Mark Salinas:

new servers and then you're

Mark Salinas:

gonna restore the data locally.

Mark Salinas:

In some ways well, we're okay.

Mark Salinas:

And we can recover from an attack.

Mark Salinas:

Obviously the goal for people

Mark Salinas:

like us is to not get attacked.

Luigi Tiano:

Exactly.

Luigi Tiano:

But again, like you said, the

Luigi Tiano:

tool and the process and the

Luigi Tiano:

knowhow, that all comes together.

Luigi Tiano:

Right.

Luigi Tiano:

And a lot of companies

Luigi Tiano:

that I'm working with, they

Luigi Tiano:

haven't done a restore test.

Luigi Tiano:

They haven't done a

Luigi Tiano:

backup integrity check in

Luigi Tiano:

months, sometimes years.

Luigi Tiano:

It's just reality things.

Luigi Tiano:

Backing up is the easy part.

Luigi Tiano:

Do you know if it works, you know?

Mark Salinas:

Funny

Mark Salinas:

you say that yeah.

Mark Salinas:

The big DR companies used

Mark Salinas:

to make you do a DR test

Mark Salinas:

and no, you're right.

Mark Salinas:

The good news is IT is

Mark Salinas:

used to doing backups,

Mark Salinas:

backups, backups, backups.

Mark Salinas:

And then, like you just said, when

Mark Salinas:

was your last restoration test?

Mark Salinas:

It gets really quiet.

Luigi Tiano:

Yeah.

Luigi Tiano:

Look, I'm just being honest.

Luigi Tiano:

You know what I mean?

Luigi Tiano:

Obviously, this is

Luigi Tiano:

what we do, right.

Luigi Tiano:

We walk into companies, we tell

Luigi Tiano:

'em, listen, this is what you need.

Luigi Tiano:

And more, more so than ever

Luigi Tiano:

when you're trying to apply

Luigi Tiano:

for a cyber insurance policy,

Luigi Tiano:

or you're trying to meet your

Luigi Tiano:

auditor's needs, they're asking

Luigi Tiano:

those questions regardless.

Luigi Tiano:

So we're just helping you

Luigi Tiano:

put those things in place.

Luigi Tiano:

So, Again, you can circumvent

Luigi Tiano:

it or you can just follow the

Luigi Tiano:

rules and do what you need

Luigi Tiano:

to do and just feel better

Luigi Tiano:

and sleep better at night.

Luigi Tiano:

That's kind of how we put it.

Luigi Tiano:

So I appreciate that.

Luigi Tiano:

And like I said, we still

Luigi Tiano:

have a long way to understand

Luigi Tiano:

or make the culture better

Luigi Tiano:

in all organizations.

Luigi Tiano:

But I think we are in the right

Luigi Tiano:

path from what I'm seeing.

Luigi Tiano:

I do have a really

Luigi Tiano:

sensitive question or

Luigi Tiano:

maybe a philosophical one.

Luigi Tiano:

But, there's a lot of ransomware

Luigi Tiano:

attacks happening right now.

Luigi Tiano:

There's a lot.

Luigi Tiano:

We see them every day in the news.

Luigi Tiano:

They're highly

Luigi Tiano:

visible in the media.

Luigi Tiano:

Companies can't hide from

Luigi Tiano:

these attacks anymore.

Luigi Tiano:

People find out about

Luigi Tiano:

them relatively quickly.

Luigi Tiano:

But some of the attacks that make

Luigi Tiano:

me very worried, are ones that

Luigi Tiano:

are on critical infrastructure.

Luigi Tiano:

The US has seen some over

Luigi Tiano:

the last couple of months

Luigi Tiano:

or the years and so on.

Luigi Tiano:

What's your thoughts on that?

Luigi Tiano:

Are we ready?

Luigi Tiano:

Are we not.

Luigi Tiano:

Again, this is philosophical one,

Luigi Tiano:

so you can answer if you want

Luigi Tiano:

to, but what are your thoughts

Luigi Tiano:

when it comes to ransomware

Luigi Tiano:

on critical US infrastructure

Mark Salinas:

we're not ready.

Mark Salinas:

The good news is I could tell

Mark Salinas:

you from interviewing and meeting

Mark Salinas:

people and things like that.

Mark Salinas:

They're now aware of it.

Mark Salinas:

Of course, colonial pipeline,

Mark Salinas:

making the headlines help make it.

Mark Salinas:

I think that the companies are

Mark Salinas:

aware of it, but like everybody

Mark Salinas:

else now it's just like somebody,

Mark Salinas:

you know, you go to the doctor

Mark Salinas:

and he says, you're an inch

Mark Salinas:

away from a heart attack.

Mark Salinas:

You're like, oh, oh, snap.

Mark Salinas:

Now what?

Luigi Tiano:

Right.

Mark Salinas:

So now they

Mark Salinas:

gotta hire people and they are.

Mark Salinas:

I would say they're

Mark Salinas:

all in step one or two.

Mark Salinas:

You know, what they tell

Mark Salinas:

you, admitting you have a

Mark Salinas:

problem is the first step.

Mark Salinas:

So, so they're, they're

Mark Salinas:

like the alcoholics,

Mark Salinas:

it's a terrible analogy.

Mark Salinas:

I'm sorry.

Mark Salinas:

You know, they're admitting

Mark Salinas:

there's a problem.

Mark Salinas:

And now that needs to be

Mark Salinas:

addressed and so I think we're

Mark Salinas:

in a good place in that we're

Mark Salinas:

moving forward, but are we

Mark Salinas:

ready today for an attack?

Mark Salinas:

Oh the heck, no, we're not ready.

Luigi Tiano:

So admitting

Luigi Tiano:

the problem exists, that's

Luigi Tiano:

the first step we got that.

Luigi Tiano:

Then of course, setting a path

Luigi Tiano:

and charting a path to mitigating

Luigi Tiano:

the risk and then having processes

Luigi Tiano:

and solutions in place then

Luigi Tiano:

in the event, it does happen.

Luigi Tiano:

Be able to bring them back quickly.

Mark Salinas:

Yeah.

Mark Salinas:

Yeah, absolutely.

Luigi Tiano:

Okay.

Luigi Tiano:

Yeah and just touching

Luigi Tiano:

a little bit on that.

Luigi Tiano:

I've seen it.

Luigi Tiano:

Obviously here in Canada as

Luigi Tiano:

well, we have these, you know,

Luigi Tiano:

huge, huge, companies who

Luigi Tiano:

provide infrastructure, whether

Luigi Tiano:

it be hydroelectric and so

Luigi Tiano:

on, the railways and so on.

Luigi Tiano:

For me, what worries me the

Luigi Tiano:

most is the OT/ IT split

Luigi Tiano:

where IT was traditional.

Luigi Tiano:

They know how to protect that.

Luigi Tiano:

And now there's the

Luigi Tiano:

operational technology

Luigi Tiano:

that's out there, which is,

Mark Salinas:

Oh yeah.

Luigi Tiano:

You have

Luigi Tiano:

the gateway from the IP.

Luigi Tiano:

Right.

Luigi Tiano:

That's going into the operational.

Luigi Tiano:

And that to me has become, I

Luigi Tiano:

wouldn't say a mystery, but I

Luigi Tiano:

think that's where there's a lot of

Luigi Tiano:

uneasiness that's happening because

Luigi Tiano:

the OT tip typically

Luigi Tiano:

was kind of isolated.

Luigi Tiano:

It was kind of black boxed.

Luigi Tiano:

You couldn't get to it, and

Luigi Tiano:

now you have this connectivity

Luigi Tiano:

between the IP, which is

Luigi Tiano:

managing all these devices.

Luigi Tiano:

And that for me is something that

Luigi Tiano:

I think we need to get better at.

Luigi Tiano:

And I'm not sure there's

Luigi Tiano:

a lot of expertise in the

Luigi Tiano:

marketplace to do that right now.

Mark Salinas:

There's some, but

Mark Salinas:

it's like you know, the early

Mark Salinas:

adopters are the guys, like

Mark Salinas:

you, that are trying to sell the

Mark Salinas:

solutions and that's all great.

Mark Salinas:

That's all well and good.

Mark Salinas:

I think, you're right back

Mark Salinas:

in the day, it was some kind

Mark Salinas:

of proprietary RS2, RS 422,

Mark Salinas:

or RS 232 connectivity and

Mark Salinas:

there's zone network now.

Mark Salinas:

And I've seen them.

Mark Salinas:

You've seen them.

Mark Salinas:

It's smaller than your phone.

Mark Salinas:

It's the size of a match book.

Mark Salinas:

And it has some kind of

Mark Salinas:

connector on it and then an

Mark Salinas:

ethernet Jack, and I'm looking

Mark Salinas:

at this, like, this is not good.

Mark Salinas:

And so, yeah, no I have some kind

Mark Salinas:

of water sensor, flood meters.

Mark Salinas:

And that again, it's cute.

Mark Salinas:

It's ethernet.

Mark Salinas:

If my server room floods

Mark Salinas:

this little, thing's

Mark Salinas:

gonna send me a track.

Mark Salinas:

Great.

Mark Salinas:

But again, here's

Mark Salinas:

this little thing.

Mark Salinas:

It's running IP, which

Mark Salinas:

means it has an OS.

Mark Salinas:

No, I very much get it.

Mark Salinas:

And I was just on a

Mark Salinas:

call earlier today.

Mark Salinas:

I said, start with segmenting.

Mark Salinas:

First create an OT segment

Mark Salinas:

first and foremost.

Mark Salinas:

I've got some good

Mark Salinas:

stories about that.

Mark Salinas:

And what also bad.

Mark Salinas:

You remember?

Mark Salinas:

I think it was the target was the

Mark Salinas:

hack through the air conditioner.

Luigi Tiano:

There you go.

Mark Salinas:

We had a clock.

Mark Salinas:

I'm not gonna say the names.

Mark Salinas:

We had a clock vendor.

Mark Salinas:

Where they had that the app was

Mark Salinas:

in the cloud and they got hacked.

Mark Salinas:

And it's very clear that they

Mark Salinas:

were not doing zoning correctly

Mark Salinas:

because they hacked the cloud.

Mark Salinas:

They hacked the user, which

Mark Salinas:

then hacked the cloud.

Mark Salinas:

And then that cloud

Mark Salinas:

was connected to me.

Mark Salinas:

And so it's very clear that

Mark Salinas:

people are saying, wow, we

Mark Salinas:

gotta watch the OT thing.

Mark Salinas:

And then they're slapping the

Mark Salinas:

OT right on the production.

Mark Salinas:

And I just cringe and wanna cry.

Luigi Tiano:

Yeah, I get it.

Mark Salinas:

Even just so

Mark Salinas:

you have its own segment,

Mark Salinas:

like start with that.

Luigi Tiano:

Yeah.

Mark Salinas:

Then we'll then

Mark Salinas:

we'll worry about it later.

Luigi Tiano:

Yeah.

Luigi Tiano:

Segmenting your network is

Luigi Tiano:

definitely the first place you

Luigi Tiano:

wanna start when especially when

Luigi Tiano:

you have stuff that's unknown.

Luigi Tiano:

So ultimately you're

Luigi Tiano:

saying we're not ready.

Luigi Tiano:

And, I share that opinion because

Luigi Tiano:

I know there's a lot of stuff

Luigi Tiano:

that we haven't even thought

Luigi Tiano:

about when it comes to that.

Luigi Tiano:

So we touched a little

Luigi Tiano:

bit on skillset.

Luigi Tiano:

We touched a little

Luigi Tiano:

bit about the market.

Luigi Tiano:

Right now, what's your best

Luigi Tiano:

advice for companies dealing with

Luigi Tiano:

the staffing issues that we're

Luigi Tiano:

having and skillset shortages

Luigi Tiano:

specifically when it comes to

Luigi Tiano:

IT security, I'm seeing it.

Luigi Tiano:

I'm assuming you're seeing it too.

Luigi Tiano:

You wanna comment on that?

Mark Salinas:

Two different things.

Mark Salinas:

One is first and foremost, I think

Mark Salinas:

every company larger than, I don't

Mark Salinas:

know, some number thousand, 10,000,

Mark Salinas:

2000 users needs a security guy.

Mark Salinas:

Sorry, I'm from Jersey.

Mark Salinas:

We say guy.

Mark Salinas:

So every company bigger than X

Mark Salinas:

should have a security person.

Mark Salinas:

I don't mean a network

Mark Salinas:

and, and, and no.

Mark Salinas:

One guy, that's his only job.

Mark Salinas:

That's their only job.

Mark Salinas:

And so first you need one of

Mark Salinas:

those, and then we get into okay,

Mark Salinas:

that's where the shortage begins.

Mark Salinas:

What business needs to do, the

Mark Salinas:

big Googles, the big IBMs do it.

Mark Salinas:

They have a training program

Mark Salinas:

where they understand there's

Mark Salinas:

a long haul and this was big

Mark Salinas:

in the eighties and nineties.

Mark Salinas:

And then they kind of died.

Mark Salinas:

Now it's kind of coming back

Mark Salinas:

with the Googles where you

Mark Salinas:

say, okay, we're gonna hire

Mark Salinas:

four analysts and willing full

Mark Salinas:

well, two of 'em are gonna quit

Mark Salinas:

and knowing full well, one of

Mark Salinas:

'em may get promoted may not.

Mark Salinas:

And we just need to

Mark Salinas:

start at the bottom.

Mark Salinas:

And at the bottom because of

Mark Salinas:

time, it's say, alright, I'm

Mark Salinas:

gonna hire four analysts.

Mark Salinas:

And in two years I'm gonna

Mark Salinas:

promote one or two of them.

Mark Salinas:

And everyone corporate still,

Mark Salinas:

I can't speak for Canada, but

Mark Salinas:

corporate America still kind of

Mark Salinas:

thinks this you're gonna take

Mark Salinas:

the job and stay there forever.

Mark Salinas:

Not if you're a smart,

Mark Salinas:

ambitious engineer.

Luigi Tiano:

Yeah.

Mark Salinas:

You're either gonna

Mark Salinas:

leave to go down the street.

Mark Salinas:

Or you're gonna stay and

Mark Salinas:

get promoted and corporate

Mark Salinas:

needs to say, all right,

Mark Salinas:

I'm gonna hire four people.

Mark Salinas:

And one of you will get promoted

Mark Salinas:

in two years, 18 months,

Mark Salinas:

and the hungry, ambitious,

Mark Salinas:

smart, they'll get promoted.

Mark Salinas:

And then now we've got

Mark Salinas:

now a tier two person.

Mark Salinas:

And then same way for every

Mark Salinas:

two or three tier two.

Mark Salinas:

One of those get promoted to

Mark Salinas:

tier three and corporate needs

Mark Salinas:

to say, we're gonna have a flow.

Mark Salinas:

We want you to stay.

Mark Salinas:

And if you're our guy, you're gonna

Mark Salinas:

move from tier one to two to three.

Mark Salinas:

And certain amounts of time

Mark Salinas:

based on benchmarks, the service

Mark Salinas:

providers are kind of good at that.

Mark Salinas:

And I say kind of, because

Mark Salinas:

they're more forced

Mark Salinas:

into it's the same boat,

Luigi Tiano:

Right, yeah.

Mark Salinas:

In a year or two,

Mark Salinas:

the people that are young and

Mark Salinas:

ambitious, ambitious, meaning

Mark Salinas:

money are gonna quit for more

Mark Salinas:

pay and corporate will say, well,

Mark Salinas:

we don't wanna train the guy.

Mark Salinas:

And then he leaves.

Mark Salinas:

And I'm like, if you don't train

Mark Salinas:

him, he's gonna leave anyway.

Luigi Tiano:

Right.

Luigi Tiano:

Exactly.

Luigi Tiano:

There's a saying where, what if

Luigi Tiano:

you train him and they leave,

Luigi Tiano:

well, what if you don't train

Luigi Tiano:

him and they stay that's just as

Mark Salinas:

Right.

Mark Salinas:

No, no.

Mark Salinas:

I love that one.

Mark Salinas:

I'm like, and everybody stares

Mark Salinas:

at you, you're like, well,

Luigi Tiano:

Yeah, yeah, yeah.

Mark Salinas:

We need to go back

Mark Salinas:

to, you know, kind of the old days

Mark Salinas:

of saying, I'm gonna care and feed

Mark Salinas:

meaning I'm gonna hire these four.

Mark Salinas:

And I shouldn't say young cuz I'm

Mark Salinas:

not, you know, less experienced

Mark Salinas:

people that you're gonna grow.

Mark Salinas:

And yes, half of 'em will quit.

Mark Salinas:

Half of those half you'll wanna

Mark Salinas:

quit cuz they're not your type

Mark Salinas:

of people and that's okay.

Luigi Tiano:

That's okay.

Mark Salinas:

But again, we

Mark Salinas:

need to hire four people with a

Mark Salinas:

full understanding that you'll

Mark Salinas:

be lucky to keep two of em.

Luigi Tiano:

So along that line,

Luigi Tiano:

like for us when I'm talking to

Luigi Tiano:

clients and they're all looking

Luigi Tiano:

for cyber experts and looking for

Luigi Tiano:

infrastructure people, for me,

Luigi Tiano:

what I basically say is, okay,

Luigi Tiano:

well, prioritize your projects.

Luigi Tiano:

Gimme a list of your projects.

Luigi Tiano:

Because you're not gonna just

Luigi Tiano:

develop staff or skillset

Luigi Tiano:

overnight, the market is really

Luigi Tiano:

such is drained right now.

Luigi Tiano:

There's not a lot of

Luigi Tiano:

people in the market.

Luigi Tiano:

We know that.

Luigi Tiano:

There's a lot of

Luigi Tiano:

risk because of that.

Luigi Tiano:

There's a lot of bad actors

Luigi Tiano:

that take advantage of this.

Luigi Tiano:

There's not a lot of people

Luigi Tiano:

watching your enterprise,

Luigi Tiano:

then you could be at risk.

Luigi Tiano:

So what I'm basically telling

Luigi Tiano:

customers is, give me a list

Luigi Tiano:

of your projects for the next

Luigi Tiano:

12 months, 18 months, and

Luigi Tiano:

let just prioritize them and

Luigi Tiano:

hoping 60% of those projects

Luigi Tiano:

are in the security space.

Luigi Tiano:

Really.

Luigi Tiano:

I really hope just because,

Luigi Tiano:

I mean, if you leave the door

Luigi Tiano:

open, people are gonna come in.

Luigi Tiano:

You know what I mean?

Luigi Tiano:

That's kind of how I see it.

Luigi Tiano:

I mean, there's no

Luigi Tiano:

other way to go around.

Mark Salinas:

The good news

Mark Salinas:

is boards are expanding.

Mark Salinas:

I've talked to lots of people.

Mark Salinas:

I met this awesome CISO.

Mark Salinas:

And she's like, in her first,

Mark Salinas:

I don't know, month she's like,

Mark Salinas:

I got the board to quadruple my

Mark Salinas:

budget and I almost fainted.

Mark Salinas:

I'm like, I would've settled

Mark Salinas:

for double, but she's

Mark Salinas:

like, no, I quadrupled it.

Luigi Tiano:

She's good at

Luigi Tiano:

selling her business case.

Luigi Tiano:

That's great.

Mark Salinas:

She's good.

Mark Salinas:

Yeah, I very much

Mark Salinas:

wanted to work for her.

Mark Salinas:

It didn't work out that's okay.

Mark Salinas:

But anyway, it's boards are

Mark Salinas:

spending money, but again,

Mark Salinas:

now we're back to, okay.

Mark Salinas:

So if I give you a whole bunch

Mark Salinas:

of money and I tell you to go

Mark Salinas:

hire three people, I'm gonna

Mark Salinas:

come back in three months

Mark Salinas:

and say, how's it going?

Mark Salinas:

You're gonna tell me not so great.

Mark Salinas:

So half the advice I have

Mark Salinas:

brings back to hire more people.

Mark Salinas:

Oh yeah.

Mark Salinas:

There are more people to

Mark Salinas:

hire we're in this wheel.

Luigi Tiano:

That's

Luigi Tiano:

to my point, right?

Luigi Tiano:

Let's look at your projects

Luigi Tiano:

and then let's be realistic on

Luigi Tiano:

which ones can be delivered and

Luigi Tiano:

which ones need to be delivered.

Luigi Tiano:

And because there's not gonna

Luigi Tiano:

be more staff coming and that's

Luigi Tiano:

why I'm always asking that

Luigi Tiano:

question to anyone I speak

Luigi Tiano:

about the IT shortages, and

Luigi Tiano:

then I'm hoping that we're gonna

Luigi Tiano:

see more people in the field.

Luigi Tiano:

But, I mean, I'll

Luigi Tiano:

be honest with you.

Luigi Tiano:

I'm a little bit pessimistic

Luigi Tiano:

when it comes to that

Luigi Tiano:

cause I'm not seeing a lot of up

Luigi Tiano:

and coming individuals in their

Luigi Tiano:

early twenties who are looking

Luigi Tiano:

at IT as an attractive place.

Luigi Tiano:

I wish there were would

Luigi Tiano:

be more, but right now

Luigi Tiano:

it's kind of difficult.

Mark Salinas:

I wanna be the

Mark Salinas:

optimist and disagree with

Mark Salinas:

you, but I'm not, I got Zippo.

Luigi Tiano:

Well, again, that's

Luigi Tiano:

why we're so busy I guess.

Mark Salinas:

I feel like we

Mark Salinas:

just need to do a grassroots.

Mark Salinas:

It doesn't help us.

Mark Salinas:

I'll be retired by the time

Mark Salinas:

this plan goods through, but we

Mark Salinas:

need to go to the young people.

Mark Salinas:

My kids, and they were

Mark Salinas:

like, Ooh, that's geeky,

Mark Salinas:

like, Ooh, dirty geeky.

Mark Salinas:

And I'm like, You

Mark Salinas:

know, look at my car.

Mark Salinas:

I got a nice car.

Mark Salinas:

I paid for that.

Mark Salinas:

I'm telling my own kids be

Mark Salinas:

a geek and they go, yeah,

Mark Salinas:

dad, we know you're a geek.

Luigi Tiano:

It's a

Luigi Tiano:

good place to be in.

Luigi Tiano:

It's a great career.

Luigi Tiano:

You get to work with smart people.

Mark Salinas:

You're not

Mark Salinas:

cool, but you could buy a much

Mark Salinas:

cooler car than the cool guy.

Mark Salinas:

So come on buddy.

Luigi Tiano:

We should

Luigi Tiano:

start a podcast on how

Luigi Tiano:

to recruit young talent.

Mark Salinas:

Dude, you

Mark Salinas:

pull up in that that Audi or

Mark Salinas:

that TransAm or whatever the

Mark Salinas:

hot young person's car is.

Mark Salinas:

Hopefully it's not a Prius, but

Mark Salinas:

you pull up in the cool car.

Mark Salinas:

People will just

Mark Salinas:

assume you're cool.

Luigi Tiano:

I get it

Mark Salinas:

works for me.

Luigi Tiano:

I get it.

Luigi Tiano:

Yeah.

Luigi Tiano:

Yeah.

Luigi Tiano:

But TransAm, hasn't been

Luigi Tiano:

out there for a while so

Luigi Tiano:

that's dating ourselves.

Mark Salinas:

Dating myself Camaro.

Luigi Tiano:

It still is

Luigi Tiano:

cool though for some people

Luigi Tiano:

I'll have to be honest.

Mark Salinas:

Hey you know,

Mark Salinas:

try pull up on a McLaren

Luigi Tiano:

there you go.

Mark Salinas:

Think

Mark Salinas:

we're gonna be like, yes.

Mark Salinas:

Cool.

Luigi Tiano:

You're

Luigi Tiano:

right about that.

Luigi Tiano:

And it is a career where

Luigi Tiano:

you can achieve it.

Luigi Tiano:

That's what people are

Luigi Tiano:

gonna underestimate.

Luigi Tiano:

So look, we're doing

Luigi Tiano:

well with time, but I

Luigi Tiano:

wanna respect your time.

Luigi Tiano:

So I've got a couple minutes here.

Luigi Tiano:

I have one last question, which

Luigi Tiano:

I think we just touched on.

Luigi Tiano:

So when it comes to the state

Luigi Tiano:

of affairs, a cyber security

Luigi Tiano:

in terms of getting companies,

Luigi Tiano:

getting compromised or breached.

Luigi Tiano:

Let's be honest here.

Luigi Tiano:

Are things gonna get worse

Luigi Tiano:

before they get better.

Luigi Tiano:

Or are we on the

Luigi Tiano:

road to success here?

Mark Salinas:

That's

Mark Salinas:

a great question.

Mark Salinas:

I wish I had that crystal ball,

Mark Salinas:

but I would say they're gonna

Mark Salinas:

stay where they are because

Mark Salinas:

companies can today go buy a

Mark Salinas:

good EDR endpoint detection.

Mark Salinas:

You can go buy today, a good

Mark Salinas:

endpoint and have it managed.

Mark Salinas:

A lot of those software makers

Mark Salinas:

are providing protection.

Mark Salinas:

If you have no people, but

Mark Salinas:

you got a couple of box.

Mark Salinas:

Anybody can go buy good

Mark Salinas:

EDR and have it managed.

Mark Salinas:

That is a big part of it.

Mark Salinas:

I think that'll go a long way.

Mark Salinas:

I think it's gonna be about

Mark Salinas:

the same as it is today.

Mark Salinas:

And it's gonna take a while

Mark Salinas:

to get better because they're

Mark Salinas:

just gonna, you know, OT, let's

Mark Salinas:

say we secure all the PCs and

Mark Salinas:

my PCs are actually secured.

Mark Salinas:

Okay.

Mark Salinas:

What's next OT.

Mark Salinas:

You already said it.

Mark Salinas:

It's already there, so, okay.

Mark Salinas:

My PCs are safe, but

Mark Salinas:

my OTs and channels.

Luigi Tiano:

So you're saying

Luigi Tiano:

we're flattening out now.

Luigi Tiano:

Should we have seen the worst?

Mark Salinas:

I think let's

Mark Salinas:

call it a quality X today.

Mark Salinas:

I think we're gonna stay at this

Mark Salinas:

quality X for at least two years.

Luigi Tiano:

Well, that's good.

Luigi Tiano:

I mean it's obviously

Luigi Tiano:

more optimistic.

Luigi Tiano:

Well, it's more optimistic than I

Luigi Tiano:

would've been, to be honest with

Luigi Tiano:

you cuz I still see, we have some

Luigi Tiano:

challenges in the enterprise, but

Luigi Tiano:

I am seeing a lot more awareness.

Luigi Tiano:

Right?

Luigi Tiano:

So the awareness is good,

Luigi Tiano:

which is the fundamental

Luigi Tiano:

way to change things.

Luigi Tiano:

So if awareness is there and people

Luigi Tiano:

start engaging and taking a more

Luigi Tiano:

responsible role in the day to

Luigi Tiano:

day, I think we should be better.

Luigi Tiano:

But again, the only variable

Luigi Tiano:

there is that there's a lot

Luigi Tiano:

more bad actors in the market.

Luigi Tiano:

So there's more people out there

Luigi Tiano:

trying to make your day worse.

Mark Salinas:

Oh yeah.

Mark Salinas:

I don't wanna say one

Mark Salinas:

of the big emails.

Mark Salinas:

Like every day, they make

Mark Salinas:

it easy for the bad actors

Mark Salinas:

to set up an account.

Mark Salinas:

So a bad actor can set up a Gmail

Mark Salinas:

ID of a GM 1 23 with a name Mark,

Mark Salinas:

you know, with my name on it.

Mark Salinas:

And so when you get an

Mark Salinas:

email that says my name on

Mark Salinas:

it, and you're like, oh,

Mark Salinas:

Mark, sending me an email.

Mark Salinas:

It's not, it's the bad actor, so.

Mark Salinas:

There's some stuff that's

Mark Salinas:

still so easy, but you have to

Mark Salinas:

be cynical about any emails.

Mark Salinas:

There was a group, this one

Mark Salinas:

came in the guy had used

Mark Salinas:

someone else's LinkedIn.

Mark Salinas:

And he was like reaching out

Mark Salinas:

to people like his old friends.

Mark Salinas:

It's possible that, you know, if

Mark Salinas:

you're less cynical, you're like,

Mark Salinas:

oh, I think I remember a Bob.

Mark Salinas:

Yeah.

Mark Salinas:

Bob's something, you know,

Mark Salinas:

Hey Luigi, remember when you

Mark Salinas:

and I worked at Verizon and

Mark Salinas:

you'll be like, yeah, there

Mark Salinas:

was like, please, there were a

Mark Salinas:

hundred thousand people there.

Mark Salinas:

So it's still a challenge.

Mark Salinas:

We raise awareness, people say it,

Mark Salinas:

and I'm hoping that they're scared

Mark Salinas:

enough to not just click away.

Mark Salinas:

If we're scared of anything,

Mark Salinas:

it's just don't click without.

Luigi Tiano:

I agree with you.

Luigi Tiano:

Before we wrap up here to your last

Luigi Tiano:

point, like, know the difference

Luigi Tiano:

between spam and an actual

Luigi Tiano:

phishing email, that's important.

Luigi Tiano:

That's for sure.

Mark Salinas:

I know this is spam.

Mark Salinas:

Then the gift cards.

Mark Salinas:

Oh my Lord.

Mark Salinas:

Every week.

Mark Salinas:

Hey, from the CEO, Dave.

Mark Salinas:

Hey, so and so pick up some

Mark Salinas:

gift cards for the team.

Mark Salinas:

And it was so funny.

Mark Salinas:

I never laughed so hard.

Mark Salinas:

The directors that knew my

Mark Salinas:

CEO said this guy's a cheap

Mark Salinas:

SOB and there's no way he's

Mark Salinas:

buying gift cards for the team.

Luigi Tiano:

You didn't

Luigi Tiano:

have to validate that.

Mark Salinas:

I just laughed.

Mark Salinas:

I'm like, okay, whatever works.

Mark Salinas:

That was fun.

Mark Salinas:

Good times.

Luigi Tiano:

Mark.

Luigi Tiano:

Before we wrap up do you

Luigi Tiano:

have any questions for me?

Mark Salinas:

Is there a good

Mark Salinas:

target market for you in terms

Mark Salinas:

of who you're dealing with?

Mark Salinas:

Is it more the midsize?

Luigi Tiano:

Yeah, it's tricky

Luigi Tiano:

cause in midsize in Canada versus

Luigi Tiano:

US midmarket is a little different.

Luigi Tiano:

So our large enterprise

Luigi Tiano:

ends up being your

Luigi Tiano:

midmarket there in the US.

Luigi Tiano:

Kind of right.

Luigi Tiano:

Here at Assurance IT we typically

Luigi Tiano:

deal with the mid-market companies,

Luigi Tiano:

anything to do from, I'd say

Luigi Tiano:

250 employees to 3000 employees.

Luigi Tiano:

It's a wide sweet spot, but it's

Luigi Tiano:

a good sweet spot because going

Luigi Tiano:

back to your point earlier,

Luigi Tiano:

there's a lot of need there.

Luigi Tiano:

There's a lot of

Luigi Tiano:

requirements there.

Luigi Tiano:

Some companies have

Luigi Tiano:

grown tremendously.

Luigi Tiano:

They got a whole bunch of new

Luigi Tiano:

employees on staff and they

Luigi Tiano:

just haven't been able to keep

Luigi Tiano:

up with the security demands.

Luigi Tiano:

I've worked in large

Luigi Tiano:

enterprise myself before.

Luigi Tiano:

I enjoy it.

Luigi Tiano:

The only thing I can say is,

Luigi Tiano:

without knocking anyone, there

Luigi Tiano:

are longer cycles to get things

Luigi Tiano:

done sometimes, you know?

Luigi Tiano:

So, I mean, again, it's

Luigi Tiano:

just a matter of cycles.

Luigi Tiano:

Budgets come in and you have

Luigi Tiano:

to go ahead and they have to

Luigi Tiano:

deliver a project and so on.

Luigi Tiano:

But we find that in the midmarket

Luigi Tiano:

space where companies need

Luigi Tiano:

to react quicker, they have

Luigi Tiano:

less layers of management.

Luigi Tiano:

They're a lot more nimble.

Luigi Tiano:

They see a need, they

Luigi Tiano:

go get budget approval.

Luigi Tiano:

Business cases are

Luigi Tiano:

approved a lot quicker.

Luigi Tiano:

And then we move.

Luigi Tiano:

So that's who our targets are.

Luigi Tiano:

We're seeing a lot of success

Luigi Tiano:

in there and we attribute a

Luigi Tiano:

lot of process into the game.

Luigi Tiano:

It's great that you throw a tool

Luigi Tiano:

at it, of course, but you have to

Luigi Tiano:

also have a process to make sure

Luigi Tiano:

that, business continuity only

Luigi Tiano:

plans, make sure that you've got

Luigi Tiano:

an awareness program in place.

Luigi Tiano:

And what are you

Luigi Tiano:

doing to measure that?

Luigi Tiano:

Those are all things that

Luigi Tiano:

companies kind of forget

Luigi Tiano:

when they install a tool.

Luigi Tiano:

So tools, processes, and people.

Luigi Tiano:

It's very important.

Mark Salinas:

No,

Mark Salinas:

you're spot on spot on.

Luigi Tiano:

Well, Mark,

Luigi Tiano:

any other questions?

Mark Salinas:

No, no, no.

Mark Salinas:

I just was gonna throw out some

Mark Salinas:

crazy idea, but that's what we're

Luigi Tiano:

go ahead.

Luigi Tiano:

What's the crazy idea, man?

Mark Salinas:

Dismiss

Mark Salinas:

these frameworks.

Mark Salinas:

I very much appreciate what

Mark Salinas:

they're doing, but, I got a

Mark Salinas:

crazy thought listening to you

Mark Salinas:

cuz you inspire thought Luigi.

Mark Salinas:

Yeah.

Mark Salinas:

That's that's a quite,

Mark Salinas:

quite high praise.

Mark Salinas:

Cuz I'm working on NIST and I

Mark Salinas:

like NIST in that it's plain.

Mark Salinas:

Like I get it 90 days

Mark Salinas:

for password expiration.

Mark Salinas:

Okay.

Mark Salinas:

I know what that means.

Mark Salinas:

I know what to do about it.

Mark Salinas:

It's easy.

Mark Salinas:

But it's also 140 checkboxes.

Mark Salinas:

That's a lot of checkboxes.

Mark Salinas:

I think maybe the industry

Mark Salinas:

should push for like a NIST

Mark Salinas:

light, kind of like, first

Mark Salinas:

grade, if you can get to this

Mark Salinas:

first level, you're not perfect.

Mark Salinas:

You're not a defense

Mark Salinas:

contractor level, but

Mark Salinas:

you're at least somewhere.

Luigi Tiano:

Yes.

Mark Salinas:

And so

Mark Salinas:

that would be like spam.

Mark Salinas:

And the good news is you can

Mark Salinas:

get a spam service and an EDR

Mark Salinas:

service and a web hosting service.

Mark Salinas:

I'm seeing web hosting companies

Mark Salinas:

offer managed WAF that as

Mark Salinas:

part of managing the app.

Mark Salinas:

I'm like, okay, now we're talking.

Mark Salinas:

I mean, I know you gotta pay for

Mark Salinas:

it obviously, but versus hiring

Mark Salinas:

a WAF person, not happening.

Mark Salinas:

So if I can buy a server hosting

Mark Salinas:

along with the whole WAF layer.

Mark Salinas:

There you go.

Luigi Tiano:

Yeah.

Luigi Tiano:

Mark, that's a very good point.

Luigi Tiano:

So what we do is, again, some of

Luigi Tiano:

the companies just don't have the

Luigi Tiano:

exhaustive time or the effort to go

Luigi Tiano:

through these weeks or month long

Luigi Tiano:

situations where they have to

Luigi Tiano:

go through frameworks and so on.

Luigi Tiano:

We leverage very often in Canada,

Luigi Tiano:

we have what we call cyber secure

Luigi Tiano:

Canada, which essentially is

Luigi Tiano:

like 13 controls that, they're

Luigi Tiano:

published, they're online.

Luigi Tiano:

Easy to read, easy to consume.

Luigi Tiano:

Anyone can understand them.

Luigi Tiano:

And they're 13 security

Luigi Tiano:

controls that are well aligned

Luigi Tiano:

with a lot of the frameworks

Luigi Tiano:

out there already today.

Luigi Tiano:

They also align with what the cyber

Luigi Tiano:

insurance companies are asking for.

Luigi Tiano:

So when a customer comes to me

Luigi Tiano:

and says, well, where do I start?

Luigi Tiano:

I said, well, you can't go wrong

Luigi Tiano:

by looking at these 13 points.

Luigi Tiano:

Start with these.

Luigi Tiano:

Do your self-assessment, you

Luigi Tiano:

know, what are you doing today?

Luigi Tiano:

Are you doing MFA?

Luigi Tiano:

Are you doing the

Luigi Tiano:

education awareness?

Luigi Tiano:

Are you doing the backup?

Luigi Tiano:

And then if you're not like,

Luigi Tiano:

at least it doesn't come off

Luigi Tiano:

as if I'm trying to push you

Luigi Tiano:

something, it's a self-assessment

Luigi Tiano:

that you can easily do yourself.

Luigi Tiano:

And from there we say,

Luigi Tiano:

okay, where's the gap?

Luigi Tiano:

What are you missing?

Luigi Tiano:

Let's go and fill those gaps.

Luigi Tiano:

So I agree with you.

Luigi Tiano:

I mean, there's a lot of

Luigi Tiano:

frameworks out there and sometimes

Luigi Tiano:

are overwhelming for people.

Luigi Tiano:

So if an organization can

Luigi Tiano:

self-assess themselves, It's a

Luigi Tiano:

great start that way, it's coming

Luigi Tiano:

from themselves versus someone

Luigi Tiano:

else externally, and it's a way

Luigi Tiano:

of keeping yourself honest and

Luigi Tiano:

do that on a yearly, you know,

Luigi Tiano:

just make sure on a yearly basis,

Luigi Tiano:

you're keeping up with that.

Luigi Tiano:

Cause again, if you don't have

Luigi Tiano:

enough staff to go through all

Luigi Tiano:

those processes, make sure there's

Luigi Tiano:

someone there, like you said,

Luigi Tiano:

that individual, that responsible,

Luigi Tiano:

that can self-assess themselves.

Mark Salinas:

Yep.

Mark Salinas:

I like it.

Luigi Tiano:

Well good.

Luigi Tiano:

Listen, mark.

Luigi Tiano:

This has been fantastic.

Luigi Tiano:

I really appreciate going

Luigi Tiano:

back and forth here.

Mark Salinas:

Absolutely, man.

Mark Salinas:

You inspire thought, dude,

Mark Salinas:

you're making me think

Luigi Tiano:

I'm

Luigi Tiano:

gonna remember that.

Luigi Tiano:

I gotta tell my family that one.

Mark Salinas:

Sometimes

Mark Salinas:

things I don't wanna think

Mark Salinas:

about, but that's, you know,

Luigi Tiano:

that's what

Luigi Tiano:

we're for, we gotta keep

Luigi Tiano:

ourselves on our toes.

Mark Salinas:

Hey, real quick.

Mark Salinas:

On the cyber insurance met

Mark Salinas:

some interesting contacts.

Mark Salinas:

One, the cyber insurance

Mark Salinas:

guys are taking a bath.

Mark Salinas:

They're getting soaked.

Mark Salinas:

So either they weren't good

Mark Salinas:

at assessing or whatever it

Mark Salinas:

is, they're taking a bath.

Mark Salinas:

So they're jacking up their rates.

Mark Salinas:

I know personally speaking,

Mark Salinas:

our rates went up despite

Mark Salinas:

reaching compliance.

Mark Salinas:

So our security posture went

Mark Salinas:

up and our rates still went up.

Mark Salinas:

Second.

Mark Salinas:

I got audited by one of those guys.

Mark Salinas:

I almost ripped in the shreds and I

Mark Salinas:

almost got thrown out of the room.

Mark Salinas:

He didn't like a lot

Mark Salinas:

of service accounts.

Mark Salinas:

We're big on service accounts,

Mark Salinas:

you know, machine logs in, machine

Mark Salinas:

X and then you know who it is.

Mark Salinas:

And this guy, like, nah, too many

Mark Salinas:

service accounts are too tedious.

Mark Salinas:

And I'm like, so you want me to

Mark Salinas:

share logins and share passwords?

Mark Salinas:

And like he wanted to say yes,

Mark Salinas:

but he knew where I was going.

Mark Salinas:

And I just was like, this

Mark Salinas:

guy doesn't deserve his job.

Mark Salinas:

If he thinks that sharing

Mark Salinas:

service accounts is a good idea.

Mark Salinas:

It should be canned.

Mark Salinas:

That's a little harsh, bro.

Luigi Tiano:

You got 'em there.

Luigi Tiano:

That's good.

Luigi Tiano:

But you're right about the

Luigi Tiano:

cyber insurance policies and

Luigi Tiano:

what we're seeing also is

Luigi Tiano:

that they'll get approved

Luigi Tiano:

with a lot of contingencies, a lot

Luigi Tiano:

of if you don't comply by X date,

Luigi Tiano:

we're gonna just pull it away.

Luigi Tiano:

Well, I mean, they'll

Luigi Tiano:

prove you on a renewal.

Luigi Tiano:

We work with a couple of

Luigi Tiano:

cyber insurance companies.

Luigi Tiano:

And what we're seeing

Luigi Tiano:

is the renewals are the

Luigi Tiano:

hardest things right now.

Luigi Tiano:

So forget the net new customers.

Luigi Tiano:

It's the actual renewals cuz

Luigi Tiano:

they were giving policies away.

Luigi Tiano:

Right?

Luigi Tiano:

A lot of policies.

Luigi Tiano:

They were just writing them

Luigi Tiano:

up, everyone was buying

Luigi Tiano:

them and everyone was cool

Luigi Tiano:

three, four years ago.

Luigi Tiano:

But now upon renewal, the

Luigi Tiano:

underwriting companies are

Luigi Tiano:

saying, well, wait a second.

Luigi Tiano:

We don't wanna assume that

Luigi Tiano:

risk because we know that

Luigi Tiano:

they're in an industry or they

Luigi Tiano:

don't have the staff to manage

Luigi Tiano:

the risk associated with it.

Luigi Tiano:

And, according to our books,

Luigi Tiano:

they're getting hacked every day.

Luigi Tiano:

So regardless of jacking up the

Luigi Tiano:

prices, they won't renew them

Luigi Tiano:

unless they do certain things.

Mark Salinas:

And I agree

Mark Salinas:

with that, but where's

Mark Salinas:

that line, you know?

Luigi Tiano:

Insurance companies

Luigi Tiano:

are not in the business of

Luigi Tiano:

losing money mark, as you know.

Mark Salinas:

No, they're not.

Mark Salinas:

And so I get it, but it's sort

Mark Salinas:

like, are you gonna have a guy

Mark Salinas:

like clearly the last security

Mark Salinas:

assessor knew way less than I did?

Luigi Tiano:

Yeah.

Luigi Tiano:

Well, again, it goes back

Luigi Tiano:

to the skillset lacking.

Luigi Tiano:

There's a lot of skillset lacking

Luigi Tiano:

in the field and they've got their

Luigi Tiano:

check boxes that they go through.

Luigi Tiano:

So I guess it's an

Luigi Tiano:

interesting field.

Luigi Tiano:

There's a lot, a lot of challenges.

Luigi Tiano:

And I think for me, there's a lot

Luigi Tiano:

of exciting stuff coming ahead.

Luigi Tiano:

I think we're only in the

Luigi Tiano:

infancy when it comes to really

Luigi Tiano:

protecting the enterprise,

Luigi Tiano:

the individual and so on.

Mark Salinas:

And real quick,

Mark Salinas:

again, sort of on the personal

Mark Salinas:

advice level, we used Dark Trace.

Mark Salinas:

Dark Trace is fascinating,

Mark Salinas:

but the end of the day it

Mark Salinas:

was more of a time suck.

Mark Salinas:

When Dark Trace said, you better

Mark Salinas:

look at this, there goes an

Mark Salinas:

hour to three hours of your day.

Luigi Tiano:

Wow.

Mark Salinas:

It's a cool tool,

Mark Salinas:

but it's not a hundred percent.

Mark Salinas:

So twice it was either legit

Mark Salinas:

software or just a mixture

Mark Salinas:

of bad events or not bad,

Mark Salinas:

just mislabeled events.

Mark Salinas:

You know, oh, AI and self learning

Mark Salinas:

and hoorah, I'm gonna sit back

Mark Salinas:

and it's gonna tell me stuff.

Mark Salinas:

No, it says, look at this and now

Mark Salinas:

take four hours outta your day.

Mark Salinas:

There's some neat tools, but

Mark Salinas:

we're back to, here's a tool

Mark Salinas:

that is gonna take three

Mark Salinas:

hours, two hours on my day.

Luigi Tiano:

Exactly.

Luigi Tiano:

That's a good point.

Luigi Tiano:

Yeah.

Luigi Tiano:

Agreed.

Luigi Tiano:

Well, mark, I have to officially

Luigi Tiano:

thank you for taking the time.

Luigi Tiano:

It was a pleasure.

Luigi Tiano:

It was an honor,

Mark Salinas:

absolutely.

Luigi Tiano:

To spend

Luigi Tiano:

the time with you.

Luigi Tiano:

And I know we're gonna continue

Luigi Tiano:

this conversation online and

Luigi Tiano:

in person one day and again

Luigi Tiano:

wishing you a great day.

Mark Salinas:

Thank you

Mark Salinas:

Luigi real pleasure, man.

Mark Salinas:

It's absolutely a blast.

Mark Salinas:

So we'll have to keep in touch

Mark Salinas:

and fix stuff as it breaks.

Mark Salinas:

And Ugh, I don't know.

Links

Chapters

Video

More from YouTube